WAR:The Night of the Hackers  by Richard Sandza

   From Newsweek, November 12, 1984 by Richard Sandza

   As you are surveying the dark and misty swamp you come across what
appears to be a small cave. You light a torch and enter. You have
walked several hundred feet when you stumble into a bright blue portal.
. . With a sudden burst of light and a loud explosion you are swept
into . . . DRAGONFIRE . . . Press Any Key if You Dare."

   You have programmed your personal computer to dial into Dragonfire,
a computer bulletin board in Gainesville, Texas. But before you get any
information, Dragonfire demands your name, home city and phone number.
So, for tonight's tour of the electronic wilderness you become Montana
Wildhack of San Francisco.

   Dragonfire, Sherwood Forrest (sic), Forbidden Zone, Blottoland,
Plovernet, The Vault, Shadowland, PHBI and scores of other computer
bulletin boards are hangouts of a new generation of vandals. These
precocious teenagers use their electronic skills to play hide-and-seek
with computer and telephone security forces. Many computer bulletin
boards are perfectly legitimate: they resemble electronic versions of
the familiar cork boards in supermarkets and school corridors, listing
services and providing information someone out there is bound to find
useful. But this is a walk on the wild side, a trip into the world of
underground bulletin boards dedicated to encouraging -- and making --
mischief.

   The phone number for these boards are as closely guarded as a
psychiatrist's home telephone number. Some numbers are posted on
underground boards; others are exchanged over the telephone. A friendly
hacker provided Dragonfire's number. Hook up and you see a broad choice
of topics offered. For Phone Phreaks -- who delight in stealing service
from AT&T and other phone networks.

   Phreakenstein's Lair is a potpourri of phone numbers, access codes
and technical information. For computer hackers -- who dial into other
people's computers -- Ranger's Lodge is chock-full of phone numbers and
passwords for government, university and corporate computers. Moving
through Dragonfire's offerings, you can only marvel at how conversant
these teen-agers are with the technical esoterica of today's electronic
age. Obviously they have spent a great deal of time studying computers,
though their grammar and spelling indicate they haven't been diligent
in other subjects. You are constantly reminded of how young they are.

   "Well it's that time of year again. School is back in session so
let's get those high school computer phone numbers rolling in. Time to
get straight A's, have perfect attendance (except when you've been up
all night hacking school passwords), and messing up you worst teacher's
paycheck."

   Forbidden Zone, in Detroit, is offering ammunition for hacker civil
war -- tips on crashing the most popular bulletin-board software. There
also are plans for building black, red and blue boxes to mimic operator
tones and get free phone service. And here are the details for "the
safest and best way to make and use nitroglycerin," compliments of
Doctor Hex, who says he got it "from my chemistry teacher."

   Flip through the "pages." You have to wonder if this information is
accurate. Can this really be the phone number and password for Taco
Bell's computer? Do these kids really have the dial-up numbers for
dozens of university computers? The temptation is too much. You sign
off and have your computer dial the number for the Yale computer. Bingo
-- the words Yale University appear on your screen. You enter the
password. A menu appears. You hang up in a sweat. You are now a hacker.

   Punch in another number and your modem zips off the touch tones.
Here comes the tedious side of all of this. Bulletin boards are
popular. No vacancy in Bates Motel (named for Anthony Perkin's creepy
motel in the movie "Psycho"); the line is busy. So are 221 B. Baker
Street, PHBI, Shadowland and The Vault, Caesar's Palace rings and
connects. This is different breed of board. Caesar's Palace is a
combination Phreak board and computer store in Miami. This is the place
to learn ways to mess up a department store's antishoplifting system,
or make free calls on telephones with locks on the dial. Pure
capitalism accompanies such anarchy, Caesar's Palace is offering good
deals on disc drives, software, computers and all sorts of hardware.
Orders are placed through electronic mail messages.'Tele-Trial': Bored
by Caesar's Palace, you enter the number for Blottoland, the board
operated by one of the nation's most notorious computer phreaks -- King
Blotto. This one has been busy all night, but it's now pretty late in
Cleveland. The phone rings and you connect. To get past the blank
screen, type the secondary password "S-L-I-M-E." King Blotto obliges,
listing his rules: he must have your real name, phone number, address,
occupation and interests. He will call and disclose the primary
password, "if you belong on this board." If admitted, do not reveal the
phone number or the secondary password, lest you face "tele-trial," the
King warns as he dismisses you by hanging up. You expected heavy
security, but this teen-ager's security is, as they say, awesome.
Computers at the Defense Department and hundreds of businesses let you
know when you've reached them. Here you need a password just to find
out what system answered the phone. Then King Blotto asks questions --
and hangs up. Professional computer-security experts could learn
something from this kid. He knows that ever since the 414 computer
hackers were arrested in August 1982, law-enforcement officers have
been searching for leads on computer bulletin boards.

   "Do you have any ties to or connections with any law enforcement
agency or any agency which would inform such a law enforcement agency
of this bulletin board?"

   Such is the welcoming message from Plovernet, a Florida board known
for its great hacker/phreak files. There amid a string of valid VISA
and MasterCard numbers are dozens of computer phone numbers and
passwords. Here you also learn what Blotto means by tele-trial. "As
some of you may or may not know, a session of the conference court was
held and the Wizard was found guilty of some miscellaneous charges, and
sentenced to four months without bulletin boards." If Wizard calls,
system operators like King Blotto disconnect him. Paging through
bulletin boards is a test of your patience. Each board has different
commands. Few are easy to follow, leaving you to hunt and peck your way
around. So far you haven't had the nerve to type "C," which summons the
system operator for a live, computer-to-computer conversation. The
time, however, however has come for you to ask a few questions of the
"sysop." You dial a computer in Boston. It answers and you begin
working your way through the menus. You scan a handful of dial-up
numbers, including one for Arpanet, the Defense department's research
computer. Bravely tap C and in seconds the screen blanks and your
cursor dances across the screen.

   Hello . . . What kind of computer do you have?

   Contact. The sysop is here. You exchange amenities and get
"talking." How much hacking does he do? Not much, too busy. Is he
afraid of being busted, having his computer confiscated like the Los
Angeles man facing criminal changes because his computer bulletin board
contained a stolen telephone-credit-card number? "Hmmmm . . . No," he
replies. Finally, he asks the dreaded question: "How old are you?" "How
old are YOU," you reply, stalling. "15," he types. Once you confess and
he knows you're old enough to be his father, the conversation gets very
serious. You fear each new question; he probably thinks you're a cop.
But all he wants to know is your choice for president. The chat
continues, until he asks, "What time is it there?" Just past midnight,
you reply. Expletive. "it's 3:08 here," Sysop types. "I must be going
to sleep. I've got school tomorrow." The cursor dances "***********
Thank you for Calling."

   The screen goes blank.

   Epilog:

   A few weeks after this reporter submitted this article to Newsweek,
he found that his credit had been altered, his drivers' license
revoked, and EVEN HIS Social Security records changed! Just in case you
all might like to construe this as a 'Victimless' crime. The next time
a computer fouls up your billing on some matter, and COSTS YOU, think
about it!

   This the follow-up to the previous article concerning the Newsweek
reporter. It spells out SOME of the REAL dangers to ALL of us, due to
this type of activity!

   The REVENGE of the Hackers

   In the mischievous fraternity of computer hackers, few things are
prized more than the veil of secrecy. As NEWSWEEK San Francisco
correspondent Richard Sandza found out after writing a story on the
electronic underground's (DISPATCHES, Nov. 12, 1984), ability to exact
revenge can be unnerving. Also severe.... Sandza's report:

   "Conference!" someone yelled as I put the phone to my ear. Then came
a mind-piercing "beep," and suddenly my kitchen seemed full of
hyperactive 15-year-olds. "You the guy who wrote the article in
NEWSWEEK?" someone shouted from the depths of static, and giggles.
"We're gonna disconnect your phone," one shrieked. "We're going to blow
up your house," called another. I hung up.

   Some irate readers write letters to the editor. A few call their
lawyers. Hackers, however, use the computer and the telephone, and for
more than simple comment. Within days, computer "bulletin boards"
around the country were lit up with attacks on NWEEK's "Montana
Wildhack" (a name I took from a Kurt Vonnegut character), questioning
everything from my manhood to my prose style. "Until we get real good
revenge," said one message from Unknown Warrior, "I would like to
suggest that everyone with an auto-l modem call Montana Butthack then
hang up when he answers." Since then the hackers of America have called
my home at least 2000 times. My harshest critics communicate on
Dragonfire, a Gainesville, Texas, bulletin board where I am on
tele-trial, a video-lynching in which a computer user with grievance
dials the board and presses charges against the offending party. Other
hackers -- including the defendant -- post concurrences or rebuttals.
Despite the mealtime interruptions, all this was at most a minor
nuisance; some was amusing, even fun.

   FRAUD: The fun stopped with a call from a man who identified himself
only as Joe. "I'm calling to warn you," he said. When I barked back, he
said, "Wait, I'm on your side. Someone has broken into TRW and obtained
a list of all your credit-card numbers, your home address,
social-security number and wife's name and is posting it on bulletin
boards around the country." He named the charge cards in my wallet.

   Credit-card numbers are a very hot commodity among some hackers. To
get one from a computer system and post it is the hacker equivalent of
making the team. After hearing from Joe I visited the local office of
the TRW credit bureau and got a copy of my credit record. Sure enough,
it showed a Nov. 13 inquiry by the Lenox (Mass.) Savings Bank, an
institution with no reason whatever to ask about me. Clearly some
hacker had used Lenox's password to the TRW computers to get to my
files (the bank has since changed the password).

   It wasn't long before I found out what was being done with my
credit-card numbers, thanks to another friendly hacker who tipped me to
Pirate 80, a bulletin board in Charleston, W.Va., where I found this:
"I'm sure you guys have heard about Richard Stza [sic] or Montana
Wildhack. He's the guy who wrote the obscene story about phreaking in
NewsWeek [sic]. Well, my friend did a credit card check on TRW . . .
try this number, it' a VISA . . . Please nail this guy bad . . .
Captain Quieg [sic]."

   Captain Quieg may himself be nailed. He has violated the Credit Card
Fraud Act of 1984 signed by President Reagan on Oct. 12. The law
provides a $10,000 fine and up to a 15-year prison term for
"trafficing" in illegally obtained credit-card account numbers. His
"friend" has committed a felony violation of the California
computer-crime law. TRW spokeswoman Delia Fernandex said that TRW would
"be more than happy to prosecute" both of them.

   TRW has good reason for concern. Its computers contain the credit
histories of 120 million people. Last year TRW sold 50 million credit
reports on their customers. But these highly confidential personal
records are so poorly guarded that computerized teenagers can ransack
the files and depart undetected. TRW passwords -- unlike many others --
often print out when entered by TRW's customers. Hackers then look for
discarded printouts. A good source: the trash of banks and automobile
dealerships, which routinely do credit checks. "Everybody hacks TRW,"
says Cleveland hacker King Blotto, whose bulletin board has security
system the Pentagon would envy. "It's the easiest." For her part,
Fernandez insists that TRW "does everything it can to keep the system
secure In my case, however, that was not enough. My credit limits would
hardly support big-time fraud, but victimization takes many forms.
Another hacker said it was likely that merchandise would be ordered in
my name and shipped to me -- just to harass me. I used to use
[credit-card numbers] against someone I didn't like," the hacker said.
"I'd call Sears and have a dozen toilets shipped to his house."

   Meanwhile, back on Dragonfire, my tele-trial was going strong. The
charges, as pressed my Unknown Warrior, include "endangering all
phreaks and hacks." The judge in this case is a hacker with the apt
name of Ax Murderer. Possible sentences range from e exile from the
entire planet" to "kill the dude." King Blotto has taken up my defense,
using hacker power to make his first pleading: he dialed up Dragonfire,
broke into its operating system and "crashed" the bulletin board,
destroying all of its messages naming me. The board is back up now,
with a retrial in full swing. But, then exile from the electronic
underground looks better all the time.

   Richard Sandza - December 10, 1984
